Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
winscp vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-3331
WinSCP prior to 5.17.10 allows remote malicious users to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
Winscp Winscp
1 Github repository
10
CVSSv2
CVE-2002-1357
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote malicious users to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
Cisco Ios 12.1ea
Cisco Ios 12.1t
Cisco Ios 12.2t
Cisco Ios 12.2
Cisco Ios 12.2s
Cisco Ios 12.0s
Cisco Ios 12.0st
Cisco Ios 12.1e
Netcomposite Shellguard Ssh 3.4.6
Pragma Systems Secureshell 2.0
Putty Putty 0.53
Winscp Winscp 2.0.0
Putty Putty 0.48
Putty Putty 0.49
Fissh Ssh Client 1.0a For Windows
Intersoft Securenetterm 5.4.1
10
CVSSv2
CVE-2002-1358
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote malicious users to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
Cisco Ios 12.0s
Cisco Ios 12.0st
Cisco Ios 12.1t
Cisco Ios 12.2
Cisco Ios 12.2s
Cisco Ios 12.1e
Cisco Ios 12.1ea
Cisco Ios 12.2t
Fissh Ssh Client 1.0a For Windows
Intersoft Securenetterm 5.4.1
Putty Putty 0.48
Putty Putty 0.49
Netcomposite Shellguard Ssh 3.4.6
Pragma Systems Secureshell 2.0
Putty Putty 0.53
Winscp Winscp 2.0.0
10
CVSSv2
CVE-2002-1359
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote malicious users to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
Cisco Ios 12.2s
Cisco Ios 12.2t
Cisco Ios 12.1e
Cisco Ios 12.1ea
Cisco Ios 12.0s
Cisco Ios 12.0st
Cisco Ios 12.1t
Cisco Ios 12.2
Putty Putty 0.53
Winscp Winscp 2.0.0
Netcomposite Shellguard Ssh 3.4.6
Pragma Systems Secureshell 2.0
Fissh Ssh Client 1.0a For Windows
Intersoft Securenetterm 5.4.1
Putty Putty 0.48
Putty Putty 0.49
2 EDB exploits
10
CVSSv2
CVE-2002-1360
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote malicious users to cause a denial of service or possibly execute arbitrary code due to interactions with t...
Cisco Ios 12.1t
Cisco Ios 12.2
Cisco Ios 12.0s
Cisco Ios 12.0st
Cisco Ios 12.2s
Cisco Ios 12.2t
Cisco Ios 12.1e
Cisco Ios 12.1ea
Pragma Systems Secureshell 2.0
Putty Putty 0.48
Fissh Ssh Client 1.0a For Windows
Putty Putty 0.49
Putty Putty 0.53
Winscp Winscp 2.0.0
Intersoft Securenetterm 5.4.1
Netcomposite Shellguard Ssh 3.4.6
9.3
CVSSv2
CVE-2007-4909
Interpretation conflict in WinSCP prior to 4.0.4 allows remote malicious users to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login...
Winscp Winscp 3.5.6
Winscp Winscp 3.6
Winscp Winscp 4.0.2
Winscp Winscp 4.0.3
Winscp Winscp 3.6.1
Winscp Winscp 3.6.5 Beta
Winscp Winscp 2.0.0
Winscp Winscp 3.5.5 Beta
Winscp Winscp 3.8.1
Winscp Winscp 3.8.2
Winscp Winscp 3.6.6
Winscp Winscp 3.6.7
1 EDB exploit
7.5
CVSSv2
CVE-2020-28864
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.
Winscp Winscp 5.17.8
7.1
CVSSv2
CVE-2006-3015
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote malicious users to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
Winscp Winscp 3.8.1
1 EDB exploit
6.8
CVSSv2
CVE-2013-4852
Integer overflow in PuTTY 0.62 and previous versions, WinSCP prior to 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an...
Winscp Winscp 5.1.4
Winscp Winscp 5.1.3
Winscp Winscp 5.1.2
Winscp Winscp 5.1.1
Winscp Winscp 4.3.8
Winscp Winscp 4.3.7
Winscp Winscp 4.3.6
Winscp Winscp 3.7.6
Winscp Winscp 5.0.6
Winscp Winscp 5.0.5
Winscp Winscp 5.0.4
Winscp Winscp 5.0.3
Winscp Winscp 5.0.2
Winscp Winscp 4.2.6
Winscp Winscp 4.2.7
Winscp Winscp 4.2.8
Winscp Winscp 4.2.9
Winscp Winscp 5.0.9
Winscp Winscp 5.0.7
Winscp Winscp 5.0
Winscp Winscp 4.3.9
Winscp Winscp 3.8.2
6.4
CVSSv2
CVE-2018-20684
In WinSCP prior to 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
Winscp Winscp
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »